Skip to main content

Google estimates 1.9 billion usernames are available on the black market

sticky-password-premium-deal
Image used with permission by copyright holder
Research carried out by Google in association with the University of California, Berkeley has established that there are 1.9 billion usernames and passwords being traded on the black market. What’s more, as many of 25 percent of these stolen credentials could actually be used to access a legitimate Google account.

The report used Google’s proprietary data to investigate whether or not the pilfered passwords would unlock the door to working accounts, according to Business Insider. Unfortunately, it confirmed that this is definitely the case, reaffirming the importance of proper online security.

Recommended Videos

“Through a combination of password re-use across thousands of online services and targeted collection,” reads the study. “We estimated seven to 25 percent of stolen passwords in our dataset would enable an attacker to log in to a victim’s Google account and thus take over their online identity due to transitive trust.”

Please enable Javascript to view this content

This is the danger of using the same password across multiple sites and services — if it’s exposed in one data breach, attackers might be able to combine it with known usernames or email accounts to access various different accounts.

We’ve seen plenty of breaches that left user passwords out in the open in recent years. In 2012, millions of encrypted LinkedIn passwords were leaked to the web, while we’re only just starting to understand the scope of an attack on Yahoo that took place in 2013 — in October, reports circulated that some 3 billion accounts were affected.

The researchers offer up a few different methods that people can use to protect their accounts from unauthorized access. For example, they might use a password manager that creates bespoke entry key for each individual site or service they visit, without them having to remember each one for themselves.

It’s also considered a best practice to employ two-factor authentication, especially for important accounts. This means that anyone gaining access from a new device also needs to provide a code that is typically sent to a smartphone, or an approved email account.

Of course, choosing a secure password is a good start. The top three passwords from plaintext leaks analyzed in this study were ‘123456,’ ‘password,’ and ‘123456789,’ none of which are particularly strong.

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Windows PCs now works with the Quest 3, and I tried it out for myself
i tried windows new mixed reality link with my quest 3 alan truly sits in front of a pc and adjusts virtual screen while wear

Microsoft and Meta teamed up on a new feature that lets me use my Windows PC while wearing a Quest 3 or 3S, and it’s super easy to connect and use. I simply glance at my computer and tap a floating button to use Windows in VR on large displays only I can see.

Meta’s new Quest 3 and 3S are among the best VR headsets for standalone gaming and media consumption. When I want more performance or need to run one of the best Windows apps that aren’t yet available in VR, I can connect to a much more powerful Windows PC.
Setting up Mixed Reality Link
Scanning Microsoft's Mixed Reality Link QR code with a Meta Quest 3 Photo by Tracey Truly / Digital Trends

Read more
How to transfer your books from Goodreads to StoryGraph
Front page of a book on Onyx BOOX Go 10.3 tablet.

Goodreads has been the only game in town for Android and iOS book-tracking for a long time now, and like most monopolies, it has grown old and fat. Acquired by Amazon in 2013, avid book readers have had lots to complain about in recent years, with the service languishing unloved, with no serious updates and an aging interface. It's been due some serious competition for a long time, and lo and behold, some has arrived. StoryGraph is a book-tracking app that offers everything you'll find on Goodreads but with an algorithm that lets you know about what you might love, and adds features any bibliophile will know are essential — like a Did Not Finish list.

Read more
I played Black Myth: Wukong on the new MSI handheld to prove it was possible
Black Myth: Wukong running on the MSI Claw 8 AI+.

I scoffed when MSI put the Claw 8 AI+ in my hands with Black Myth: Wukong selected. I'd spent 80 hours in the game on my full desktop packing an RTX 4090, and I knew just how demanding the game was. It's a pipedream for a handheld gaming PC.

I pressed Continue and loaded up at the Pool of Shattered Jade rest point -- the ideal spot to farm; if you know, you know -- and proceeded to run up to the cocoons spotted around the area, unleash my spirit ability, and run back. Sitting in a dimly-lit New York City bar, I continued the loop a few more times. I'd done plenty of farming in the game before.

Read more